CVE-2015-0346: Double Free
First published: Tue Apr 14 2015(Updated: )
Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0359.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat enterprise linux desktop supplementary | =5.0 | |
| redhat enterprise linux desktop supplementary | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary | =5.0 | |
| Red Hat Enterprise Linux Server Supplementary | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary EUS | =6.6.z | |
| Red Hat Enterprise Linux Workstation Supplementary | =6.0 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| SUSE Linux Enterprise Desktop | =11.0-sp3 | |
| SUSE Linux Enterprise Desktop | =12.0 | |
| SUSE Linux Workstation Extension | =12.0 | |
| Adobe Acrobat Reader | <=13.0.0.264 | |
| Adobe Acrobat Reader | =14.0.0.125 | |
| Adobe Acrobat Reader | =14.0.0.145 | |
| Adobe Acrobat Reader | =14.0.0.176 | |
| Adobe Acrobat Reader | =14.0.0.179 | |
| Adobe Acrobat Reader | =15.0.0.152 | |
| Adobe Acrobat Reader | =15.0.0.167 | |
| Adobe Acrobat Reader | =15.0.0.189 | |
| Adobe Acrobat Reader | =15.0.0.223 | |
| Adobe Acrobat Reader | =15.0.0.239 | |
| Adobe Acrobat Reader | =15.0.0.246 | |
| Adobe Acrobat Reader | =16.0.0.235 | |
| Adobe Acrobat Reader | =16.0.0.257 | |
| Adobe Acrobat Reader | =16.0.0.287 | |
| Adobe Acrobat Reader | =16.0.0.296 | |
| Adobe Acrobat Reader | =17.0.0.134 | |
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| Adobe Acrobat Reader | <=11.2.202.451 | |
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2015-0813.html
- http://www.securityfocus.com/bid/74067
- http://www.securitytracker.com/id/1032105
- https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
- https://security.gentoo.org/glsa/201504-07
Frequently Asked Questions
What is the severity of CVE-2015-0346?
CVE-2015-0346 has a critical severity rating due to its potential to allow attackers to execute arbitrary code.
How do I fix CVE-2015-0346?
To fix CVE-2015-0346, update Adobe Flash Player to version 13.0.0.281 or later, or upgrade to a version in the 14.x or 17.x series that is patched.
Which Adobe Flash Player versions are affected by CVE-2015-0346?
CVE-2015-0346 affects Adobe Flash Player versions below 13.0.0.281, all 14.x versions prior to 17.0.0.169, and various versions below 11.2.202.457 for Linux.
What platforms are impacted by CVE-2015-0346?
CVE-2015-0346 affects Adobe Flash Player on Windows, OS X, and Linux operating systems.
What type of vulnerability is CVE-2015-0346?
CVE-2015-0346 is a double free vulnerability that can lead to arbitrary code execution.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/redhat enterprise linux desktop supplementary
- version/redhat enterprise linux desktop supplementary/5.0
- version/redhat enterprise linux desktop supplementary/6.0
- canonical/red hat enterprise linux server supplementary
- version/red hat enterprise linux server supplementary/5.0
- version/red hat enterprise linux server supplementary/6.0
- canonical/red hat enterprise linux server supplementary eus
- version/red hat enterprise linux server supplementary eus/6.6.z
- canonical/red hat enterprise linux workstation supplementary
- version/red hat enterprise linux workstation supplementary/6.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11.0-sp3
- version/suse linux enterprise desktop/12.0
- canonical/suse linux workstation extension
- version/suse linux workstation extension/12.0
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/13.0.0.264
- version/adobe acrobat reader/14.0.0.125
- version/adobe acrobat reader/14.0.0.145
- version/adobe acrobat reader/14.0.0.176
- version/adobe acrobat reader/14.0.0.179
- version/adobe acrobat reader/15.0.0.152
- version/adobe acrobat reader/15.0.0.167
- version/adobe acrobat reader/15.0.0.189
- version/adobe acrobat reader/15.0.0.223
- version/adobe acrobat reader/15.0.0.239
- version/adobe acrobat reader/15.0.0.246
- version/adobe acrobat reader/16.0.0.235
- version/adobe acrobat reader/16.0.0.257
- version/adobe acrobat reader/16.0.0.287
- version/adobe acrobat reader/16.0.0.296
- version/adobe acrobat reader/17.0.0.134
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- version/adobe acrobat reader/11.2.202.451
- vendor/linux
- canonical/linux kernel